Process Monitor v3.50

In this article

Introduction

Process Monitor is an advanced monitoring tool for Windows that shows
real-time file system, Registry and process/thread activity. It combines
the features of two legacy Sysinternals utilities, Filemon and
Regmon, and adds an extensive list of enhancements including rich and
non-destructive filtering, comprehensive event properties such session
IDs and user names, reliable process information, full thread stacks
with integrated symbol support for each operation, simultaneous logging
to a file, and much more. Its uniquely powerful features will make
Process Monitor a core utility in your system troubleshooting and
malware hunting toolkit.

The best way to become familiar with Process Monitor's features is to
read through the help file and then visit each of its menu items and
options on a live system.

Screenshots

Related Links

Windows Internals BookThe
official updates and errata page for the definitive book on Windows
internals, by Mark Russinovich and David Solomon.

Windows Sysinternals Administrator's ReferenceThe
official guide to the Sysinternals utilities by Mark Russinovich and
Aaron Margosis, including descriptions of all the tools, their
features, how to use them for troubleshooting, and example
real-world cases of their use.